[openssl-project] Entropy seeding the DRBG

Salz, Rich rsalz at akamai.com
Tue Apr 3 16:58:17 UTC 2018


>    Please note that that 50% extra is only used for instantiating the
    DRBG. On reseed we it only uses 256 bits.
  
True.  And now we're finding that VMS won't work.  And I bet there are other systems that will also find this amount excessive.
  
>    There is an alternative to that 50% extra, but it's not making
    sense to me.
  
Shrug.
  
>    The 1.1.0 version also used 256 bit.
  
The 1.1.0 code was pre-DRBG and was a piece of crap.  Using AES/DRBG is stronger, better, and for the normal case 128 bits is enough.





More information about the openssl-project mailing list